General

  • Target

    021369dd438b340f58615f40985fa118_JaffaCakes118

  • Size

    182KB

  • Sample

    240427-bltnqsgf91

  • MD5

    021369dd438b340f58615f40985fa118

  • SHA1

    16361b5545b27f0940621b6c23e61bb2667ee999

  • SHA256

    d2991fc4edb1a667fa2dcaf28987c4c24b844331d705f9fda99ed82680e886de

  • SHA512

    89d01567575ba590e4e478604ace22ba1118bce6856db3e62b3c1e44ed7bdabf7e2a8c08d9c3452a54f8550c6bc03513c284c6562c5d92a16461480331abbbb3

  • SSDEEP

    3072:ii2y/GdyaktGDWLS0HZWD5w8K7Nk9AGD7IBUggmGhhjA98:ii2k44tGiL3HJk9AGD7bggm6hjAy

Score
10/10

Malware Config

Extracted

Language: ps1

Deobfuscated

URLs (exe.dropper):

  • http://hanserefelektrik.com/wp-content/o0zEZ17669/

  • http://governessfilms.com/cgi-bin/gnbw2/

  • http://forming-a.com/mysql/0s53/

  • http://harbour-springs.webonlinepro.com/cgi-bin/pdviP01/

  • http://gomitra.com/aspnet_client/xkwsJj/

Targets

    • Target

      021369dd438b340f58615f40985fa118_JaffaCakes118

    • Size

      182KB

    • MD5

      021369dd438b340f58615f40985fa118

    • SHA1

      16361b5545b27f0940621b6c23e61bb2667ee999

    • SHA256

      d2991fc4edb1a667fa2dcaf28987c4c24b844331d705f9fda99ed82680e886de

    • SHA512

      89d01567575ba590e4e478604ace22ba1118bce6856db3e62b3c1e44ed7bdabf7e2a8c08d9c3452a54f8550c6bc03513c284c6562c5d92a16461480331abbbb3

    • SSDEEP

      3072:ii2y/GdyaktGDWLS0HZWD5w8K7Nk9AGD7IBUggmGhhjA98:ii2k44tGiL3HJk9AGD7bggm6hjAy

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v13)

Defense Evasion

  • Modify Registry (T1112): 1

Discovery

  • Query Registry (T1012): 2

  • System Information Discovery (T1082): 2
